Scale of cyber-attacks on Iran further unveiled with Flame Stuxnet link

The scale of the ongoing cyber-attacks on Iran was further unveiled after
technology experts announced that two computer viruses used to disrupt the
regime’s nuclear programme were almost certainly created by the same
authority.

Independent experts said the discovery by the Russian Kaspersky Lab was “hugely significant”, confirming the scale of the West’s ongoing cyber-warfare programme and warning that the US and western critical infrastructure was now increasingly vulnerable to revenge attacks.

“For years we’ve been hearing this real Cassandra talk, from guys like Leon Panetta, about how the next Pearl Harbour could be online,” Noah Shachtman of the Brookings Institution’s 21st Century Defense Initiative told The Telegraph.

“It always seemed a little bit out of whack with what we saw in the real world. But now we know that what they were talking about wasn’t what other people might do to us, it was what we were doing to others.

“This discovery gives a much fuller picture of what this much larger campaign of espionage and sabotage entailed. We knew about Stuxnet and we knew about Duqu [another cyber weapon]... And now we’ve got this third, major effort to do all kinds of espionage, and evidence strongly suggests that they’re all linked.

The Kaspersky findings traced a “missing link” between the “Stuxnet” virus, which was first identified in 2009, and “Flame” which was discovered on hundreds of computers in Iran last month, but also traces its origins back to 2008.

Both are now said to contain a piece of source code, known as “Resource 207” that is designed to enable the viruses spread via USB pen drives.

Kaspersky said worms are believed to have diverged, with 'Stuxnet’ used for “sabotage” and 'Flame’ as a “general-purpose espionage tool”.

Kapersky said the discovery of the link contradicts those who were sceptical that “Flame” was a cyber-weapon. Only last week the UN’s telecommunications head, Dr Hamadoun Toure, said he did not believe the US was behind Flame describing US involvement in Stuxnet as “speculation”.

Vitaly Kamluk, chief malware expert at Kaspersky, said he also had initially not been confident that “Stuxnet” and “Flame” had shared origins, but that technical analysis showed he had been mistaken.

“It puts flame on a different level of threat and it makes it more dangerous because you understand that there are very high-profile professionals behind it,” he added. “This is no joke.”

A recent New York Times investigation has suggested that President Obama, in cooperation with the Israelis, has consistently ordered sophisticated cyber attacks on the computer systems that run Iran’s main nuclear enrichment facilities.

Roel Schouwenberg, senior anti-virus researcher at Kaspersky, said that understanding how “Flame” worked was of “huge importance” to the future of computer security, and pointed to the need to produce some ground rules on a new dimension in warfare.

The risk of attack, he added, was no longer theoretical as they were already happening.

“The best example of that is that I had somebody from US critical infrastructure come to me and say ‘we found Stuxnet within our network’,” Mr Schouwenberg added, “and if we hadn’t done all these external safety checks then Stuxnet could have caused a power outage in the United States.

“That shows already the perfect example of how things could have gone very wrong and with that in mind, this is a conversation that needs to be had, and I don’t think there is any hype whatsoever about this, this is an extremely important issue.”